Version: 2008
Advanced Search
advertisementBuy Microsoft Office Home & Student
advertisement
advertisement

Forum display:

Spyware, viruses, & security : Clickjacking: Hijacking clicks on the Internet

by Marianna Schmudlach Moderator - 5/22/09 6:38 AM
advertisement
Post 1 of 3

Clickjacking: Hijacking clicks on the Internet

by Marianna Schmudlach Moderator - 5/22/09 6:38 AM

May 22, 2009

by Elinor Mills


"Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in the way the Web is supposed to work," Grossman said. "The bad guy is superimposing an invisible button over something the user wants to click on...It can be any button on any Web page on any Web site."

The technique was used in a series of prank attacks launched on Twitter in February. In that case, users clicked on links next to tweets that said "Don't Click" and then clicked on a button that said "Don't Click" on a separate Web page. That second click distributed the original tweet to all of the Twitter user's followers, thus propagating itself rather quickly.

More: http://news.cnet.com/8301-1009_3-10247327-83.html?part=rss&subj=news&tag=2547-1009_3-0-20

Reply
Permalink
Report offensive post
Post 2 of 3

clicking on "don't click" links

by abkorn - 5/23/09 4:23 AM In reply to: Clickjacking: Hijacking clicks on the Internet by Marianna Schmudlach Moderator

I use Firefox with the newest NoScript plug-in (with ClearClick). It seems like that offers pretty solid protection from what I hear. Also, in regards to the prank you mentioned on twitter: am I missing something? Why would someone looking to propagate a clickjacking prank clickjack links that say "don't click"? Wouldn't they get more hits by clickjacking links that would be more widely clicked on (like "click here" instead of "don't click")?

Reply
Permalink
Report offensive post
Post 3 of 3

Are you missing something?

by btljooz - 5/23/09 1:06 PM In reply to: clicking on "don't click" links by abkorn

●About the choice of 'Button Title':

▪1. "Prank" is the key word here. Get more hints by actually reading the story that was linked to at the beginning of this thread: http://news.cnet.com/8301-1009_3-10247327-83.html?part=rss&subj=news&tag=2547-1009_3-0-20

▪2. Psych 101: The best way to get someone to do something is to tell them not to or that they can't do it. Not to mention that people are, basically, lazy. ;)

▪3. Browser choice. How many newbie and 'average' users do you really think actually know that there are more than one browser to choose from, no less how to make good choice & download & install it? Of those who do know of the choices, how many of them in fact utilize the tool(s) at their disposal?

●Parting comments:

I also use Firefox with NoScript. NoScript is great tool! But I also add to that WOT and Flagfox within my arsenal of protective tools.

▪However, as a caveat, there is this FACT to think about, too:

There is no such thing as 'perfect' software!

►Sooner or later some nefarious party is going to come up with a way to circumvent the 'best' security tools. History always repeats itself!

Reply
Permalink
Report offensive post
rss
Forum legend:
Locked Locked thread
Moderator Moderator
CNET staff CNET staff
Samsung staff Samsung staff
Norton Authorized Support team Norton Authorized Support team
AVG staff AVG staff
Windows Outreach team Windows Outreach team
Dell staff Dell staff
Intel staff Intel staff
Powered by Jive Software
Forums
Site map
FAQs
Usage policies
Real time activity
Meet the moderators
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET